Social Engineering: Examples

So these are very real spoofing emails and different attacks. So this one’s a pretty common one. I see this one quite a bit - Amazon Service Reminder message - Greetings from Amazon. We placed on hold all your orders from Amazon because we detected unusual activity on it. You can help us by unlocking this account and logging in to your account and following the on-screen instructions. And it’s got the Amazon logo. It’s got the Amazon type font on there. There’s a button to verify my information, and this type of attack is essentially a fear attack. I can’t get my packages anymore. I can’t get my Amazon packages. My account’s on hold.

I need to click this verify information and enter my credentials. So what this is doing is it’s forcing me to take action, because if I don’t do this, I won’t be able to get my packages. I won’t be able to make orders and whatnot from Amazon. And, of course, what happens when I click that verify button, it’s going to take me to a very real looking Amazon page. I’m going to log in with my account, and they’re going to steal my login and password. So that is one type of attack, and this is a social engineering attack. Again, it’s presenting itself as Amazon.

It’s forcing me - it’s trying to scare me into oh, I got to verify my information, otherwise I can’t get my Amazon stuff. And if we look up here, we can see it’s actually not Amazon’s email address. It’s this really weird email address at mmxtheater.com. So obviously it’s not an Amazon email. But if you’re not paying close attention– if you’re just looking at the header Amazon service reminder, and it’s got this official looking number on it, and it’s got the Amazon logo on there, and it’s got the type font and whatnot, it kind of looks like an Amazon email. And when I look over here, if I’m just glancing I see something.amazon.com.

So a lot of users will think OK, well, this is from Amazon. It says it’s from Amazon. It’s got an Amazon logo. It looks like an Amazon email. Let me click this button and at least see where it goes. And, of course, it’s going to look like an Amazon website, even though it’s not going to be amazon.com. So again, this is a social engineering type email sent by a spear phishing or phishing email. So this next one is a Microsoft account. Your email account will expire in 48 hours. So again, this is forcing me to take action right away. I have 48 hours to reactivate my account. I’m going to have to click a reactivate button. Sincerely, the Microsoft team.

And this one is pretty good, because if we look up in here, it says account@microsoftonline.com. And again, they’re using the Microsoft Office 365 logo, the type of - we got the watermark down here from Microsoft. We have the Microsoft actual address here. And if I click on the Privacy or Legal button, it will probably actually pull up the real Microsoft legal and privacy agreement. However, if I click on Reactivate or Opt Out, it’s going to take me to a very real looking Microsoft page, and have me log in, and then, of course, steal my credentials. So this is forcing me to take action. I have 48 hours to fill out this information or my account will be deleted.

So again, the idea of social engineering a lot of times is either coercing someone - it’s always coercing someone to do something. And in this case, it’s scaring me into having to take action right away. It’s a scarcity, I have 48 hours. If I don’t hit that 48-hour window and reactivate my account and my credentials, I’m going to lose my account. So the easy way to figure this one out is well, I don’t have an Office 365 account, and matter of fact, if I look up this email address - this account@microsoftonline.com, you’ll actually find information that hey, this is actually a fake email address. So this is another one I get a lot - PayPal. My PayPal account is limited.

And again, it’s my account’s limited. It’s placed on hold. I’ve got to activate it. Again, if I click Activate, it’s going to take me to a very real PayPal website where I enter my credentials, and of course it’s going to steal it. So and if you look here, here’s another scare tactic. Your PayPal account is used to pay $403 for items on eBay. So again, it’s scaring me into hey, someone took $403 from my PayPal account to buy something on eBay. I never order anything from eBay, or at least not for that amount. So again, if you’re not paying close attention, you’ll see this PayPal logo looks real, the header looks pretty real.

We have the copyright for PayPal and the address here.

But the thing you should be worried about is well, for me, it was well, you sent this to the wrong email. I don’t have my PayPal account tied to the email they sent it to. Second of all, I can see this customer@live.com. It should really be my email address itself. Up here, I’m not sure why it would say Numero Del Caso. Since I am in the United States, everything should have been in English. And we see here that the service@intl.limited.com - that’s not a PayPal address. As a matter of fact, when we look further here, it’s really this long weird email address, and that’s certainly not PayPal. So again, it’s a social engineering attack where it’s trying to scare you.

Hey, my account’s been placed on limited. Someone used money from my PayPal account. I need to find out what’s going on. Click Activate, log in, and, of course, your credentials get stolen.